Presentation on theme: "Don't Be a Cog in the Wheel! Participating in the Infosec Community! Chris Gerling."— Presentation transcript:
Don't Be a Cog in the Wheel! Participating in the Infosec Community! Chris Gerling
Who am I? Founder of the SecuraBit podcast Brief stint on Hak5 8 years in the US Navy 2 years at the Federal Reserve Currently at RSA NetWitness Tinkerer, Networker, Researcher SecuraBit/Gh0st Lab
Our Community Podcasts Blogs Social Networks Group collaboration Conferences Organizations Mentoring
Podcasts? Why? Great way to get exposed to current events! Networking! Entertainment! Popular tools, aka Podcatchers: iTunes (bloatware but the most popular) gpodder Juice http://en.wikipedia.org/wiki/List_of_podcatchers
Blogs There are a lot of cool people who maintain blogs out there o Contagio for malware samples! o http://www.securitybloggersnetwork.com/security- bloggers-network-the-feed/ (300 blogs) http://www.securitybloggersnetwork.com/security- bloggers-network-the-feed/ Great way to stay on top of things
Social Networks Join the twitter fun! o Talk to people like Jack Daniel, SecBarbie, Rafal Los, etc! o Excellent late breaking stuff if you keep up with the hashtags and lists FaceBook o Like our page! LinkedIn (Change your password…)
Group Collaboration Have you heard of github? If not, check it out: o www.github.com - Social Coding www.github.com Google Code IRC o There are LOTS of networks and channels to join! Find people who want to do cool things and organize or join! Google Hangouts!
Conferences Get out there and find a conference to attend! One of the best networking tools available They’re springing up all over (Bsides for example) Defcon, Shmoocon, Derbycon are good sized Don’t forget smaller venues like CarolinaCon, Day-Con
Organizations ISSA Infragard 2600 Local orgs like RichSec! Join one and meet other people, often times there are smaller meetups that can be just as effective as a conference! RIP 1943-2012
Mentoring Look out for others Ask questions and answer them Nobody knows everything Share what you find Everyone’s a n00b at some point
So why be involved? Staying in your basement doesn’t help you or anyone else We can create a better baseline of knowledge and avoid making the same mistakes Education helps everyone
Helping out new generations Here’s what we have locally that is still active as far as I know: RichSec SecuraBit (with Gh0st Labs) Hack.RVA ISSA NoVA Hackers (You have participate to stay a member – this is a good thing!)
Don’t solve the same problems! Do you want to keep fixing systems compromised by ancient vulnerabilities because an org doesn’t want to patch? Embrace new technology and methodology Share these with your colleagues! Threat vectors change, risk management looks a lot different today!
The same problems continued… Example: PCI Compliance Investigations in 2011* o Over 97% were cited for insufficient firewall policies o Over 83% were cited for default or easily guessed passwords o 99.2% failed to properly monitor internal network access! How old are these problems? Do you have the power to affect change here? *Source: Trustwave 2011 Global Security Statistics and Trends by Charles Henderson
What can I do? Participate! o Comment on blogs, videos, podcasts o Be active in IRC, Twitter o Write/Evaluate/Share code and ideas! Start a podcast or blog o Challenge established entities o Join an existing one o Offer constructive criticism We do ours because we want to stay connected!
What can I do? Continued… Work with other parts of IT, we’re all on the same team! Avoid the “9-5” mentality o This does NOT mean you have to work 100 hours a week o Question ineffective methodologies and don’t just “do your job” Ignorance breeds incompetence which puts us all further behind the curve!
Rock Stars We have them, they aren’t all what they seem though o They’re just people and are smart enough, nice enough, and gosh darn it, people like them! o We put them on a pedestal because they drive change o Say hi, they don’t bite too hard! Be the change you want to enact and others will follow!
Questions? Do you know anyone who doesn’t know about local security organizations? Make them aware!